Minor feeds fixes to be W3C-validator compliant - fix shaarli#914

application/FeedBuilder.php

@@ -153,6 +153,9 @@ protected function buildItem($link, $pageaddr)
             $permalink = '<a href="'. $link['guid'] .'" title="Permalink">Permalink</a>';
         }
         $link['description']  = format_description($link['description'], '', $pageaddr);
+        if ($this->feedType == self::$FEED_RSS) {
+            $link['description'] = $this->htmlEscape($link['description']);
+        }
         $link['description'] .= PHP_EOL .'<br>&#8212; '. $permalink;
 
         $pubDate = $link['created'];
@@ -178,6 +181,11 @@ protected function buildItem($link, $pageaddr)
         uasort($taglist, 'strcasecmp');
         $link['taglist'] = $taglist;
 
+        if ($this->feedType == self::$FEED_RSS) {
+            $link['title'] = $this->htmlEscape($link['title']);
+            $link['taglist'] = array_map('FeedBuilder::htmlEscape', $link['taglist']);
+        }
+
         return $link;
     }
 
@@ -246,6 +254,18 @@ protected function getLatestDateFormatted()
         return $this->latestDate->format($type);
     }
 
+    /**
+     * Perform HTML-escaping, ensuring entities are not escaped twice.
+     *
+     * @param string $text Plain text or already HTML-escaped text
+     *
+     * @return string HTML-escaped string
+     */
+    protected function htmlEscape($text) {
+        // We avoid double-encoding
+        return htmlspecialchars($text, ENT_COMPAT|ENT_HTML401, ini_get("default_charset"), false);
+    }
+
     /**
      * Get ISO date from DateTime according to feed type.
      *

tests/FeedBuilderTest.php

@@ -109,6 +109,37 @@ public function testRSSBuildData()
         $this->assertRegExp('/2016-08-03T09:30:33\+\d{2}:\d{2}/', $data['links'][8]['up_iso_date']);
     }
 
+    /**
+     * Test HTML escaping in RSS feed.
+     * @group WIP
+     */
+    public function testRSSHTMLEscaping()
+    {
+        $link = array(
+            'id' => 0,
+            'title' => 'A & B',
+            'url' => 'http://dummy',
+            'description' => 'a &amp; b<br>',
+            'private' => 0,
+            'created' => new DateTime(),
+            'updated' => null,
+            'tags' => 'éêè',
+            'shorturl' => 'http://dummy',
+        );
+        file_put_contents(self::$testDatastore,
+            '<?php /* '.base64_encode(gzdeflate(serialize(array($link)))).' */ ?>');
+        self::$linkDB = new LinkDB(self::$testDatastore, true, false);
+
+        $feedBuilder = new FeedBuilder(self::$linkDB, FeedBuilder::$FEED_RSS, self::$serverInfo, null, false);
+        $feedBuilder->setLocale(self::$LOCALE);
+        $data = $feedBuilder->buildData();
+        $link = $data['links'][0];
+
+        $this->assertEquals('A &amp; B', $link['title']);
+        $this->assertEquals('a &amp; b&lt;br&gt;', explode(PHP_EOL, $link['description'])[0]);
+        $this->assertEquals('éêè', $link['taglist'][0]);
+    }
+
     /**
      * Test buildData with ATOM feed (test only specific to ATOM).
      */

tpl/default/feed.atom.html

@@ -28,7 +28,7 @@
         <published>{$value.pub_iso_date}</published>
         <updated>{$value.up_iso_date}</updated>
       {/if}
-      <content type="html" xml:lang="{$language}"><![CDATA[{$value.description}]]></content>
+      <content type="html" xml:lang="{$language}">{$value.description}></content>
       {loop="$value.taglist"}
         <category scheme="{$index_url}?searchtags=" term="{$value|strtolower}" label="{$value}" />
       {/loop}

tpl/default/feed.rss.html

@@ -22,9 +22,9 @@
         {/if}
         {if="$show_dates"}
           <pubDate>{$value.pub_iso_date}</pubDate>
-          <atom:modified>{$value.up_iso_date}</atom:modified>
+          <atom:updated>{$value.up_iso_date}</atom:updated>
         {/if}
-        <description><![CDATA[{$value.description}]]></description>
+        <description>{$value.description}></description>
         {loop="$value.taglist"}
           <category domain="{$index_url}?searchtags=">{$value}</category>
         {/loop}